The Department of Homeland Security (DHS) Science and Technology (S&T) Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Division's (CSD) announce a Broad Agency Announcement (BAA) for Fiscal Year 2011 to improve the security in both Federal networks and the larger Internet.

This Broad Agency Announcement (BAA) seeks ideas and proposals for Research and Development (R&D) in 14 Technical Topic Areas (TTAs) related to CSD. The total estimated value of this acquisition is $40 million.

Cyber attacks are increasing in frequency and impact. Even though these attacks have not yet had a significant impact on our Nation's critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders.

The DHS S&T mission is to conduct, for homeland security purposes, research, development, test and evaluation (RDT&E) and timely transition of cyber security capabilities to operational units within DHS, as well as local, state, Federal and operational end users in critical infrastructure. Cyber security is defined in broad terms to encompass the usual attributes of security, as well as reliability, availability, and survivability in the face of adversary attack and accidental fault, while preserving privacy.

DHS S&T invests in programs offering the potential for revolutionary changes in technologies that promote homeland security and accelerate the prototyping and system prototype demonstration in an operational environment of technologies that reduce homeland vulnerabilities.

A critical area of focus for DHS is the development and deployment of technologies to protect the nation's cyber infrastructure, including the Internet and other critical infrastructures that depend on computer systems for their mission.

The goals of the DHS Cyber Security Division (CSD) are:

• To perform research and development (R&D) aimed at improving the security of existing deployed technologies, and to ensure the security of new emerging systems;

• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation's critical information infrastructure; and

• To assist the transfer of these technologies into the national infrastructure as a matter of urgency.

The attached document 'Cyber Security BAA 11-02 Amend 00002.pdf' makes changes from the previous version. The BAA 11-02 is hereby amended as follows. All changes in the document from the original version are indicated by underline:

The attached document 'Cyber Security BAA 11-02 Amend 00003.pdf' makes changes from the previous version. BAA 11-02 is hereby amended as follows. All changes in the document from the original version are indicated by underline:

1. VIII.C.1.c. and d. changed to read:

"c. Name of offeror's organization and offeror's administrative and technical points of contact, including name, address, telephone and facsimile numbers, and email addresses. If multiple organizations are participating, identify the above information for each organization; d. Identify whether the offeror (and each organization participating) is a US or foreign owned entity; "

2. VIII.C.3.d. changed to read:

"d. Personnel and Performer Qualifications and Experience: Briefly describe the offeror's qualifications and experience in similar development efforts. Present the qualifications of the principal technical personnel. Submission shall include the identification of at least two key personnel who, if a resultant award is made, will be subject to any key personnel clauses included in the resultant award. Describe the extent of your team's past experience in working with or developing the technologies comprising your solution. For submissions that include multiple organizations, all organizations must be identified and include a description of what role each organization will play in the project, identify appropriate technical personnel, and each team member's past experience in technical areas related to the white paper."

3. VIII.D.2. changed to read:

"2. Multiple white papers may be submitted in accordance with the terms outlined in paragraph VIII.A.3 above."

4. IX.C.1.a.(3) and (4) changed to read:

"(3) Name of offeror's organization and offeror's administrative and technical points of contact, including name, address, telephone and facsimile numbers, and email addresses. If multiple organizations are participating, identify the above information for each organization; (4) Identify whether the offeror (and each organization participating) is a US or foreign owned entity;"

"E. Amendment 00004 alerts potential offerors that this BAA intends to have foreign government participation, to include access to white papers and subsequent proposal submissions for purposes of determining joint-funding and to include joint participation in overseeing projects throughout the contract period of performance. In particular, this BAA may involve cooperative activities in accordance with 6 U.S.C. § 195c and existing, bilateral international agreements on cooperation that DHS has with the: (a) United Kingdom of Great Britain and Northern Ireland and (b) Government of Australia. Specific details regarding foreign government cooperation are provided throughout this BAA, as amended herein. To review these two international agreements, see the section titled, "Cooperation in Homeland/Civil Security Matters" at the following link: http://www.dhs.gov/files/international/counterterrorism.shtm."

2. Add the following sentence to paragraph VII.A.1:

"Additional joint funding from either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia may further be provided subject to their respective availability of funds, as well as interest in the particular proposal(s)."

If multiple organizations are participating, one signature from the principal/leading organization is acceptable.

6. Add paragraph VII.C.3.g as follows:

"g. Export Control: Potential offerors are reminded this BAA seeks unclassified technology solutions and that white papers may be shared with foreign government personnel from either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia. As required by paragraph VIII.B.9 above, white paper submissions are to identify any items that are potentially export-controlled; such that dissemination to these foreign government personnel may be inhibited by United States federal laws, rules, or regulations."

8. Renumber paragraph the current paragraph "IX.C.1.r" to "IX.C.1.s" and insert the following new paragraph IX.C.1.r:

"r. Export Control: Potential offerors are reminded this BAA seeks unclassified technology solutions and that proposals may be shared with foreign government personnel from either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia. As required by paragraph IX.B.2.f above, proposal submissions are to identify any items that are potentially export-controlled; such that dissemination to these foreign government personnel may be inhibited by United States federal laws, rules, or regulations."

9 Add the following to paragraph IX.D.6:

"In addition, foreign government personnel from either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia, participating as outlined in paragraph I.E above, are bound by the non-disclosure provisions covering the protection of "business confidential" information, as stated in their international agreements with the DHS and are not be permitted to release any information to third parties, including others in their organization. By submission of a white paper and/or subsequent proposal, offerors are hereby consenting access to financial, confidential, proprietary, and/or trade secret marked information in the white paper and/or subsequent proposal to these foreign government personnel. To review these two international agreements, see the section titled, "Cooperation in Homeland/Civil Security Matters" at the following link: http://www.dhs.gov/files/international/counterterrorism.shtm."

10. Add the following to paragraph XIV.E.3:

"The DHS may use foreign government personnel from either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia to participate in this acquisition as outlined in paragraph I.E above. These foreign government personnel are bound by the non-disclosure provisions covering the protection of "business confidential" information, as stated in their international agreements with the DHS and are not be permitted to release any information to third parties, including others in their organization."

Add the following full text clauses to Appendix B, Applicable Provisions and Clauses:

DHS/S&T has issued this BAA and shall evaluate White Papers and Full Proposals in accordance with the solicitation's terms and conditions. That said, potential offerors are put on notice that the DHS may elect to have other United States' federal agencies negotiate and ultimately award funding instruments under this BAA (which DHS/S&T evaluated and selected for negotiation). These other federal entities may include the: Department of Interior - National Business Center; Air Force Research Laboratory (AFRL), and/or Space and Naval Warfare Systems Command (SPAWAR). Consequently, resultant funding instruments may deviate from the anticipated FAR clauses noted immediately above by substituting applicable Defense FAR Supplement (DFARS) clauses.

Under this BAA and as authorized by 6 U.S.C. § 195c, a resultant award may be jointly-funded by the DHS and either the United Kingdom of Great Britain and Northern Ireland or the Government of Australia. If jointly-funded, pursuant to those countries' international agreements with the DHS, certain contractual provisions must be included in the resultant funding instrument(s). Specifically, as required by both international agreements, their Article Ten, Contracting, indicates:

DHS shall ensure suitable provisions to satisfy the requirements of Article 12 (Information Security), Article 13 (Intellectual Property Management and Use of Information), Article 14 (Publication of Research Results) and Article 17 (Third Party Sales and Transfers) are inserted into contracts awarded under this BAA, as well as have them require subcontracting flow-down of said provisions. To review these two international agreements, see the section titled, "Cooperation in Homeland/Civil Security Matters" at the following link: http://www.dhs.gov/files/international/counterterrorism.shtm."

From: "Volume 1: No more than 40 single-sided pages. Proposals exceeding the page limit may not be evaluated. The cover page, table of contents, and any authorized appendices, as outlined herein (i.e., proposed option to utilize DETER as a secondary testbed, resumes for key personnel, and list of any current or pending awards or proposals with DHS), submitted by the offeror are excluded from the page limitation."

To: "Volume 1: No more than 40 single-sided pages. Proposals exceeding the page limit may not be evaluated. The cover page, table of contents, and any authorized appendices as outlined herein (i.e., proposed option to utilize DETER as a secondary testbed, resumes for key personnel, list of any current or pending awards or proposals with DHS, and any attached copies of licenses required by paragraph IX.C.1.s(2)(c)(ii) below), submitted by the offeror are excluded from the page limitation."

(2) Paragraph IX.C.1(p), change:

From: "Resumes for Key Personnel: As an appendix, provide resumes and curriculum vitae (CVs) for each of the key personnel proposed. A minimum of two key personnel must be identified."

To: "Resumes for Key Personnel: As an appendix, provide resumes and curriculum vitae (CVs) for each of the key personnel proposed. CVs are expected to be 2-page NSF style bio sketch. A minimum of two key personnel must be identified."

(3) Paragraph IX.C.1.s(2)(c)(ii), add the following sentence:

"Licenses may be attached as appendices to the offeror's proposal (exclusive of the 40 page Volume 1 proposal limit)."

(4) Paragraph IX.C.2.b change:

From: "b. Provide a cost breakdown by task/sub task using the same tasks identified in the Statement of Work."

To: "b. Provide a cost breakdown by task, and if appropriate, sub task using the same tasks identified in the Statement of Work.

(5) Paragraph IX.C.2.b(1) change:

From: "(1) For each task/sub-task identified, provide a detailed breakdown of costs by year."

To: "(1) For each task, and if used, sub-task, identified, provide a detailed breakdown of costs by year."

(6) Paragraph IX.C.2.b(2), Subcontracts, change:

From: "...If the subcontractor costs cannot be included with the above detailed cost breakdown, then the prime contractor must stipulate on the detailed cost breakdown that the costs presented only represent those from the prime and the subcontractor's costs are provided separately in a sealed envelope. The separate subcontractor cost proposal must be as detailed as the offerors's cost proposal and must be submitted with the offeror's proposal."

To: "...If the subcontractor costs cannot be included with the above detailed cost breakdown, then the prime contractor must stipulate on the detailed cost breakdown that the costs presented only represent those from the prime and the subcontractor's costs are provided separately as an attachment to an e-mail sent to STCyberSecurityBAA@dhs.gov. The subject of the email must include the white paper number and should be titled, "Separate Subcontractor Cost Proposal - BAA 11-02-TTA XX-XXXX-WP." The body of the email shall contain the following:

• The prime entities name which should be the same entity that is registered in the BAA portal;• A POC (name and phone number) from the prime entity; and• For each subcontractor proposal attached, include:o The name of the subcontractor for the subcontractor proposal attached; ando A POC (name and phone number) from the subcontractor whose proposal is attached.

The separate subcontractor cost proposal must be as detailed as the offerors's cost proposal and must be received in the designated mailbox identified above no later than the closing date and time specified in paragraph IX.D.2 below. Note that email transmission time may vary depending on the file size of the attachment(s) included in the email. Therefore, ensure there is adequate time for receipt of the email and any accompanying attachments of the subcontractor(s) cost proposal(s) by the required closing date and time. Acceptance of the email submission is dependent upon the actual date and time the e-mail and any accompanying attachment(s) is RECEIVED in the designated mailbox identified above. NO SEPARATE SUBCONTRACTOR COST PROPOSALS RECEIVED IN THE DESIGNATED EMAIL BOX IDENTIFIED ABOVE WILL BE ACCEPTED IF RECEIVED AFTER THE CLOSING DATE AND TIME SPECIFIED IN PARAGRAPH IX.D.2 BELOW."

(7) Paragraph XIV.F.3., change:

From: "Disclosure. Each offeror ... and has included the mitigation plan in accordance with paragraph D. of this provision."

To: "Disclosure. Each offeror ... and has included the mitigation plan in accordance with paragraph 4, Mitigation/Waiver, below."

b. Logon using assigned username and password. Once logged on, the "Proposal Activity Worksheet" will display.

c. On "Proposal Activity Worksheet," under the section titled, "Proposals submitted or past due date", locate the submitted white paper for which a proposal is to be created.

d. Click on the "Create Full Proposal" link within the applicable white paper record. The "Start Full Proposal" page will display.

e. Enter the proposal title.

f. Click the "Add Proposal to Activity Worksheet" button. The "Proposal Activity Worksheet" page will display. The proposal that was started will be listed under the "Proposals in Progress" section.

g. For the proposal in progress, open each component displayed, i.e, "Cover Sheet A", "Cover Sheet B", "Cost Proposal", and "Proposal Upload" and complete. Further information regarding each of these components is provided below.

(1) "Cover Sheet A" and "Cover Sheet B" will not be marked as "Complete" until all required fields have been populated.

(2) "Cost Proposal" component. This component does not need any cost information to be entered since the proposal to be uploaded will contain a complete cost proposal. However, in order for this component to be marked "Complete", the below steps must be followed:

(d) On the "BAA Cost Proposal - Update Status" page, click the "Return to Activity Worksheet" button. The "Proposal Activity Worksheet" will display. The "Cost Proposal" component will now be marked as complete.

It is not necessary to delete any information that an offeror may have already populated in the "Cost Proposal" component. However, no information from this component, or any cost information included in any other component, will be used for the evaluation of submitted proposals. Only the cost information included in the submitted proposal will be considered in the evaluation of proposals.

(3) "Proposal Upload" component. In order for this component to be marked as "Complete", upload the Volume I and II prepared in accordance with the requirements outlined in BAA 11-02. Ensure Volumes I and II are listed under "Currently Uploaded File(s)" in order for this component to be marked as "Complete". Once uploaded, select the "Return to Activity Worksheet" button.

(4) Completing the "Briefing Chart" component is not required because the proposal that will be uploaded is required to contain a Quad Chart; so duplicating it in the "Briefing Chart" component is not necessary. Since this is an optional component, it is not necessary for the component to be marked "Complete" in order to successfully submit a proposal. It is not necessary to delete any information that an offeror may have already populated in the "Cost Proposal" component. However, no information from this component will be used for the evaluation of submitted proposals.

h. On the "Proposal Activity Worksheet" page, when all the components are listed as "Complete", except for the "Briefing Chart" component, click the "Submit Proposal" link located as the bottom left of the proposal in progress. The "Submit Proposal" page will display. THE PROPOSAL IS NOT YET SUBMITTED.

i. On the "Submit Proposal" page, click the "Submit Proposal" button. Once a proposal is successfully submitted, offerors will receive a confirmation message on the screen and via e-mail. If a confirmation message is not received, contact the BAA Portal help desk at dhsbaa@reisys.com. In addition, when the proposal has been correctly submitted, it will appear under the "Proposals submitted or past due date" section on the "Proposal Activity Worksheet" page, and will NO LONGER APPEAR under the "Proposals in progress" section.

Amendment 3

Description: The attached document 'Cyber Security BAA 11-02 Amend 00003.pdf' makes changes from the previous version. BAA 11-02 is hereby amended as follows. All changes in the document from the original version are indicated by underline:

1. VIII.C.1.c. and d. changed to read:

“c. Name of offeror’s organization and offeror’s administrative and technical points of contact, including name, address, telephone and facsimile numbers, and email addresses. If multiple organizations are participating, identify the above information for each organization;
d. Identify whether the offeror (and each organization participating) is a US or foreign owned entity; “

2. VIII.C.3.d. changed to read:

“d. Personnel and Performer Qualifications and Experience: Briefly describe the offeror’s qualifications and experience in similar development efforts. Present the qualifications of the principal technical personnel. Submission shall include the identification of at least two key personnel who, if a resultant award is made, will be subject to any key personnel clauses included in the resultant award. Describe the extent of your team’s past experience in working with or developing the technologies comprising your solution. For submissions that include multiple organizations, all organizations must be identified and include a description of what role each organization will play in the project, identify appropriate technical personnel, and each team member’s past experience in technical areas related to the white paper."

3. VIII.D.2. changed to read:

“2. Multiple white papers may be submitted in accordance with the terms outlined in paragraph VIII.A.3 above.”

4. IX.C.1.a.(3) and (4) changed to read:

“(3) Name of offeror’s organization and offeror’s administrative and technical points of contact, including name, address, telephone and facsimile numbers, and email addresses. If multiple organizations are participating, identify the above information for each organization;
(4) Identify whether the offeror (and each organization participating) is a US or foreign owned entity;”